A group of Israeli computer experts believes that computer viruses can be intercepted during their spread by utilizing a rapid-response immunity software that outpaces these viruses.
The scientists proposed establishing a network of “shortcuts” on the Internet exclusively for antivirus programs, allowing them to immunize computers before viruses can infiltrate.
Eran Shir from Tel Aviv University began contemplating this issue when the notorious Blaster worm spread globally via the Internet in 2003. He recalled, “It really annoyed me. Traditional antivirus software couldn’t keep up with its speed of infection.”
Antivirus software typically aims to prevent attacks on clean computers and seeks to eliminate viruses from infected machines. Research teams continuously search for new viruses and release software “updates”. These updates are distributed to computer users in hopes they will install them before a virus strikes. However, with this strategy, some viruses can get ahead by several days, wreaking havoc on the systems they infect.
Shir stated, “Software companies view the Internet merely as a complex FedEx service. Our concern is to find ways to immunize the entire computer network rather than scanning for viruses on individual machines or repairing those already infected.” To achieve this, he proposed using the very techniques of viruses to spread immunity.
Shir and his colleagues proposed a system that employs several computers acting as traps awaiting viruses. These computers run automated software capable of identifying viruses and subsequently sending out “signatures” of these viruses across the Internet. This would enable antivirus programs on all other computers in the network to recognize and block the virus before it can penetrate.
The main challenge here is ensuring that the virus “signatures” are transmitted over the Internet faster than the viruses themselves, allowing antivirus programs to intercept them in time. Shir remarked, “It is essential to create additional links in the computer network that only the immunity agents can utilize. They are akin to ‘wormholes’ in cyberspace.”
These “wormholes” could form a parallel network connecting to the virus trap computers. Assuming the shortcuts are established and secured, the virus “signatures” could stay one step ahead of the viruses.
Simulations by the research group showed that only a few trap computers are needed within large computer networks. In the U.S., there are about 200 million computers, and just 800,000 of these acting as traps could reduce the number of infected machines to just 2,000. Additionally, as the computer network grows, the number of trap computers would also increase at a constant rate of 0.4% of the total number of computers.
This is an intriguing plan, but is it feasible? Alessandro Vespignani, a computer science expert at Indiana University, noted that some companies have established intranets with programs capable of automatically detecting the presence of new viruses, and the architecture of the Internet is also well-suited for positioning trap computers.
However, he pointed out that human oversight is still needed to operate the trap computers, and it cannot be guaranteed that only antivirus agents would be able to utilize the “wormholes”. He cautioned, “Virus writers are smart folks, and they can devise methods to directly attack that parallel network.”
Shir currently has no plans to realize his idea but hopes it will come to fruition through an open-source project, free for all computer users who wish to participate. However, he believes that if a company adopts this idea and turns it into a practical application, everyone will be better protected against computer viruses.